Electronic commerce is an emerging method of transacting business between parties across local, wide area, and global networks. However, in order for electronic commerce to be considered a safe and reliable means of doing business, there must be suitable controls in place to protect the transaction and to ensure the trust and confidence of both parties in the transaction. For example, it is important that one party can rely on the acceptance of an offer by another party in an electronically conducted transaction within a regime providing effective legal protections.
In this respect, electronic signatures have been offered as an effective security component in protecting the information of a transaction and providing trust in electronic commerce. A European Directive defines an electronic signature as “data in electronic form which is attached to or logically associated with other electronic data and which serves as a method of authentication”, although other definitions or variations of this definition are also employed. Generally, an electronic signature can provide evidence that a commitment has been explicitly endorsed under a signature policy, at a given time, by an identified signer, and optionally, a role. The signature policy specifies the technical and procedural requirements on signature creation and verification in order to meet a particular business need.
A given legal framework may recognize a particular signature policy as meeting its statutory, regulatory, and judicial requirements. For example, a specific signature policy may be recognized by courts of law as meeting the legal requirements for electronic commerce. Accordingly, within this legal framework, a holder of an electronic contract can provide evidence that a contract was electronically signed by another party and is therefore enforceable against that party.
Verification of basic electronic signatures generally involved certain cryptographic checks. However, verification becomes more complex a problem when one must account for revocation or expiration of electronic signatures over time. Furthermore, addition of advanced features to electronic signatures, such as qualifying properties, timestamps, and countersignatures, can contribute to long term signature validity and non-repudiation of an original signature but such features can also complicate the signature validity verification process. Existing approaches fail to provide a robust and effective verification of such advanced electronic signatures, particularly in the presence of multiple timestamps and countersignatures.